asp@cos.com (Andrew S. Partan) (11/04/88)
In article <1005@cps3xx.UUCP>, rang@cpsin3.cps.msu.edu (Anton Rang) writes:
> Is it possible to restrict access to a newsgroup (on a particular
> machine)? For instance, by changing the mode of its spool dir?
> If so, this would solve 99% of the problems with a security group,
> at least here--just don't give ordinary users privs to see it!

It is possible to restrict a set of newsgroups to a group of readers - just make the news dirs 750, uid news, gid restricted group.

E.g., in /usr/spool/news, we have (partial list):

    drwxr-xr-x 28 news news  512 Oct 12 22:40 alt
    drwxr-xr-x 42 news news 1024 Oct 25 21:42 comp
    drwxr-x---  7 news tsd   512 Sep 27 14:05 cos

Where alt & comp are open for all to read, and the cos.* newsgroups can only be read by people in the 'tsd' group (or by the uids news and root).

This does not restrict *posting* - anyone can post to the cos.* newsgroups, but it does restrict *reading* - by any newsreader.

Note that you can NOT turn this on & off (by time periods, i.e.: to restrict newsreading of certain newsgroups during the working day) because most newsreaders (at least vnews & readnews do) will assume that there is NO news if they can not get access to the article (they do not distinguish between no access & no such file, I would guess), and then update the .newsrc marking ALL of the articles as read.

--asp (Andrew Partan @ Corporation for Open Systems)
-- asp@cos.com or asp%cos.com@uunet.uu.net
-- {uunet, sundc, decuac, hqda-ai, hadron}!cos!asp
ASN.1 Object Identifier: "{joint-iso-ccitt mhs(6) group(6) 157}"
pf@csc.ti.com (Paul Fuqua) (11/05/88)
> Date: Friday, November 4, 1988 8:39am (CST)
> From: asp at cos.com (Andrew S. Partan)
> Subject: Re: restrict access to a newsgroup (was Re: Proposal for comp.security)
> Newsgroups: news.groups,news.sysadmin
>
> It is possible to restrict a set of newsgroups to a group of readers -
> just make the news dirs 750, uid news, gid restricted group.
> ....
> This does not restrict *posting* - anyone can post to the cos.*
> newsgroups, but it does restrict *reading* - by any newsreader.

Except one using NNTP from another machine. The NNTP server that's floating around uses another mechanism, and only for version 1.5 and later.

pf

Paul Fuqua
Texas Instruments Computer Science Center, Dallas, Texas
CSNet: pf@csc.ti.com (ARPA too, sometimes)
UUCP: {smu, texsun, cs.utexas.edu, im4u, rice}!ti-csl!pf
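The directory-mode scheme from the first post, as an added example that is not part of either post: a shell audit that classifies each top-level hierarchy under a spool directory as open or group-restricted from its mode bits. The function names and the constructed demo spool are assumptions; as the reply notes, the result describes local file access only, not readers coming in over NNTP.

```shell
#!/bin/sh
# Added example: audit which news hierarchies are readable by everyone and
# which are limited to one group, using the 750/755 scheme from the post.
# Function names and the demo spool are hypothetical, not from the posts.

# classify_mode MODE: MODE is the mode string printed by `ls -ld`.
classify_mode() {
    group=$(printf '%s' "$1" | cut -c5-7)
    other=$(printf '%s' "$1" | cut -c8-10)
    case "$other" in
        r-x|r-t) echo open ;;                  # any local user can read articles
        ---)
            case "$group" in
                r-x|r-s) echo restricted ;;    # owner and group members only
                ---)     echo owner-only ;;    # group cannot read either
                *)       echo check ;;         # group-writable or partial bits
            esac ;;
        *) echo check ;;                       # writable or partial "other" bits
    esac
}

# audit_spool DIR: print "name mode group class" for each hierarchy in DIR.
audit_spool() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        ls -ld "$d" | {
            read -r mode links owner grp rest
            printf '%s %s %s %s\n' "${d##*/}" "$mode" "$grp" "$(classify_mode "$mode")"
        }
    done
}

# make_demo_spool: build a constructed spool mirroring the listing in the post
# (alt and comp at 755, cos at 750) and print its path. The group is left as
# the caller's own, since chgrp to a real restricted group needs membership.
make_demo_spool() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/alt" "$tmp/comp" "$tmp/cos"
    chmod 755 "$tmp/alt" "$tmp/comp"
    chmod 750 "$tmp/cos"
    printf '%s\n' "$tmp"
}

# Usage on a real spool: audit_spool /usr/spool/news
```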